An intelligent method for real-time detection of DDoS attack based on fuzzy logic
The paper puts forward a variance-time plot method based on a sliding-window mechanism to calculate the Hurst parameter and detect Distributed Denial of Service (DDoS) attacks in real time. An intelligent DDoS judgment mechanism is designed on fuzzy logic technology, which can adjust itself dynamically under the fuzzy rules. The new method calculates the Hurst parameter quickly and detects DDoS attacks in real time. Comparison with detection technologies based on statistics and on feature packets, under different experiments, shows that the new method can identify the change in the Hurst parameter caused by DDoS attack traffic of different intensities, and can judge DDoS attacks intelligently and self-adaptively in real time.
Key words: Abnormal traffic; Distributed Denial of Service (DDoS); Real-time detection; Intelligent control; Fuzzy logic
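As an added illustration (not code from the paper), the Python below estimates the Hurst parameter H with the variance-time method over a sliding window, using the standard relation Var(X^(m)) ∝ m^(2H−2) for the block-averaged series X^(m). The window size, step, scales and the constructed input series are assumptions, and the fuzzy-logic judgment stage is not reproduced because the abstract does not state its rules.

```python
import math
import random

def aggregate(series, m):
    """Mean of each full non-overlapping block of m samples: the series X^(m)."""
    return [sum(series[i:i + m]) / m for i in range(0, len(series) - m + 1, m)]

def variance(xs):
    mu = sum(xs) / len(xs)
    return sum((x - mu) ** 2 for x in xs) / len(xs)

def hurst_vt(series, scales=(1, 2, 4, 8, 16, 32)):
    """Variance-time estimate: log Var(X^(m)) vs log m has slope 2H - 2."""
    pts = []
    for m in scales:
        agg = aggregate(series, m)
        if len(agg) < 2:
            continue  # window too short for this scale
        v = variance(agg)
        if v > 0:  # log is undefined for a constant block series
            pts.append((math.log(m), math.log(v)))
    if len(pts) < 2:
        raise ValueError("not enough usable scales to fit a slope")
    mx = sum(x for x, _ in pts) / len(pts)
    my = sum(y for _, y in pts) / len(pts)
    slope = (sum((x - mx) * (y - my) for x, y in pts)
             / sum((x - mx) ** 2 for x, _ in pts))
    return 1 + slope / 2

def sliding_hurst(series, window=1024, step=512):
    """(start index, H) for each window position (assumed sizes)."""
    return [(s, hurst_vt(series[s:s + window]))
            for s in range(0, len(series) - window + 1, step)]

def constructed_series(n=2048, seed=1):
    """Constructed input: n uncorrelated samples, then n strongly correlated
    ones (a random walk). A stand-in for per-interval traffic measurements,
    chosen only so that H visibly changes; it is not a traffic model."""
    rng = random.Random(seed)
    noise = [rng.random() for _ in range(n)]
    walk, level = [], 0.0
    for _ in range(n):
        level += rng.random() - 0.5
        walk.append(level)
    return noise + walk

if __name__ == "__main__":
    for start, h in sliding_hurst(constructed_series()):
        print(f"window@{start:5d}  H={h:.3f}")
```

Windows that lie wholly in the uncorrelated part give H near 0.5, those in the correlated part give H near 1, and the windows straddling the boundary show the transition that a downstream judgment stage would act on.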